debian/0000755000000000000000000000000012255563074007177 5ustar debian/rules0000755000000000000000000000152712255563074010264 0ustar #!/usr/bin/make -f PACKAGE = $(shell dh_listpackages) TMP = $(CURDIR)/debian/$(PACKAGE) %: dh $@ override_dh_clean: dh_clean rm -rf $(CURDIR)/t/logs override_dh_auto_test: mkdir -p $(CURDIR)/t/logs APACHE_TEST_EXTRA_ARGS="-httpd_conf $(CURDIR)/debian/apache2.conf" \ dh_auto_test override_dh_installexamples: dh_installexamples sed -i -e \ '1i #!/usr/bin/perl\n' $(TMP)/usr/share/doc/$(PACKAGE)/examples/htdocs/docs/logout.pl sed -i -e \ '1i #!/usr/bin/perl\n' $(TMP)/usr/share/doc/$(PACKAGE)/examples/htdocs/docs/protected/echo_user.pl sed -i -e \ '1i #!/usr/bin/perl\n' $(TMP)/usr/share/doc/$(PACKAGE)/examples/htdocs/docs/echo_cookie.pl override_dh_fixperms: dh_fixperms chmod -x $(TMP)/usr/share/doc/$(PACKAGE)/examples/htdocs/docs/echo-user.pl \ $(TMP)/usr/share/doc/$(PACKAGE)/examples/htdocs/docs/protected/echo_user.pl debian/control0000644000000000000000000000326212255563074010605 0ustar Source: libapache2-authcookie-perl Maintainer: Debian Perl Group Uploaders: Keith Lawson , Xavier Guimard , Ivan Kohler Section: perl Priority: optional Build-Depends: debhelper (>= 8) Build-Depends-Indep: apache2-dev, libapache2-mod-perl2 (>= 2.0.8+http24-r1449661-6), libautobox-perl, libclass-load-perl, perl Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libapache2-authcookie-perl.git Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libapache2-authcookie-perl.git Homepage: https://metacpan.org/release/Apache-AuthCookie Package: libapache2-authcookie-perl Architecture: all Depends: ${misc:Depends}, ${perl:Depends}, libapache2-mod-perl2 (>= 2.0.5), libautobox-perl, libclass-load-perl Description: Perl Authentication and Authorization via cookies This module is for mod_perl version 2. If you are running mod_perl version 1, you should be using Apache::AuthCookie instead. . Apache2::AuthCookie allows you to intercept a user's first unauthenticated access to a protected document. The user will be presented with a custom form where they can enter authentication credentials. The credentials are posted to the server where AuthCookie verifies them and returns a session key. . The session key is returned to the user's browser as a cookie. As a cookie, the browser will pass the session key on every subsequent accesses. AuthCookie will verify the session key and re-authenticate the user. debian/source/0000755000000000000000000000000012255563074010477 5ustar debian/source/format0000644000000000000000000000001412255563074011705 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000000324612255563074011056 0ustar libapache2-authcookie-perl (3.20-1) unstable; urgency=medium * Imported Upstream version 3.20 * Bump Standards-Version to 3.9.5 -- Xavier Guimard Sun, 22 Dec 2013 13:33:10 +0100 libapache2-authcookie-perl (3.19-3) unstable; urgency=low * Add README.apache-2.4 to docs -- Ivan Kohler Tue, 06 Aug 2013 22:54:20 -0700 libapache2-authcookie-perl (3.19-2) unstable; urgency=low [ gregor herrmann ] * Apache 2.4: - debian/control: build-depend on apache2-dev - add debian/apache2.conf and use it in debian/rules for tests Closes: #666837 [ Ivan Kohler ] * Apache 2.4: - Apply upstream patch from https://rt.cpan.org/Public/Bug/Display.html?id=85832 - Build-Dep-Indep on libapache2-mod-perl2 2.0.8+http24-r1449661-6 for new Apache::Test * Add myself to Uploaders: -- Ivan Kohler Tue, 06 Aug 2013 22:36:39 -0700 libapache2-authcookie-perl (3.19-1) unstable; urgency=low [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Salvatore Bonaccorso ] * Change search.cpan.org based URIs to metacpan.org based URIs [ Xavier Guimard ] * Imported Upstream version 3.19 * Replace duplicated example files by links * Bump debian/copyright format to 1.0 * Bump Standards-Version to 3.9.4 * Add libautobox-perl and libclass-load-perl in dependencies * Add override in debian/rules to fix example files permissions -- Xavier Guimard Sat, 04 May 2013 22:15:40 +0200 libapache2-authcookie-perl (3.18-1) unstable; urgency=low * Initial Release. Closes: #624142 -- Keith Lawson Mon, 09 May 2011 13:05:19 -0400 debian/libapache2-authcookie-perl.links0000644000000000000000000000123612255563074015326 0ustar /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/authall/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/stimeout/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/authall/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/protected/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/authall/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/cookiename/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/authall/get_me.html /usr/share/doc/libapache2-authcookie-perl/examples/htdocs/docs/authany/get_me.html debian/libapache2-authcookie-perl.examples0000644000000000000000000000002612255563074016020 0ustar t/lib/Sample t/htdocs debian/compat0000644000000000000000000000000212255563074010375 0ustar 8 debian/clean0000644000000000000000000000001012255563074010173 0ustar t/SMOKE debian/patches/0000755000000000000000000000000012255563074010626 5ustar debian/patches/authcookie-httpd-24.patch0000644000000000000000000002575512255563074015364 0ustar diff --git a/README.apache-2.4 b/README.apache-2.4 new file mode 100644 index 0000000..48afee9 --- /dev/null +++ b/README.apache-2.4 @@ -0,0 +1,72 @@ +**** IMPORTANT ***** + +Due to the fact that mod_perl is not even an offical release at this point, and +the fact that Apache 2.4 has a radically different authentication API, this +module is alpha software. The API could very likely change at some point until +there is a stable mod_perl release for apache 2.4. + +Apache 2.4 has significant authentication API changes from previous versions of +Apache. At the time of this writing, mod_perl does not have an official +release for httpd 2.4, but this modules does support it. In order to migrate +to Apache 2.4, you will very likely need to update your configuration. + +Changes Required to use this module with apache 2.4: + +in httpd.conf: + Add: + + PerlAddAuthzProvider user Sample::Apache2::AuthCookieHandler->authz_handler + + Note that you can use something other than "user". e.g.: "my-user" if you + have other authentication modules in use that are responsible for "Requires + user ..." directives. + + Remove: + + All instances of: + + PerlAuthzHandler Your::AuthCookie::Handler->authorize + +Internal Changes: + +- authorize() has been removed. + + This is replaced by authz_handler. It has a different return type than + authorize. It is expected to return AUTHZ_GRANTED, AUTHZ_DENIED, or + AUTHZ_DENIED_NO_USER. + +- ${auth_name}Satisfy + + Satisfy support is removed as it is no longer needed with httpd 2.4. + + You can handle other non-user requirements with RequireAll, and additional + AuthzProvider handlers: + + e.g.: + + PerlAddAuthzProvider user Your::AuthCookieHandler->authz_handler + PerlAddAuthzProvider species Your::AuthCookieHandler->authz_species_handler + + + Require valid-user + Require species gerbil + + + see: https://httpd.apache.org/docs/2.4/howto/auth.html#reqaccessctrl + +- Unauthorized user response code + + In apache 2.4, in mod_authz_core, if no authz_handlers return + AUTHZ_GRANTED, then HTTP_UNAUTHORIZED is returned. In previous versions, + HTTP_FORBIDDEN was returned. You can get the old behaviour with: + + AuthzSendForbiddenOnFailure On + +TODO: +- add support for mod_auth_socache if possible +- figure out how to make a release that supports both Apache 2.2 and earlier + and also Apache 2.4+. +- currently, Apache::Test does not set any constants for APACHE24 in the config + file so there is no way to make t/extra.conf.in. Patch sent in to + rt.cpan.org for this. + diff --git a/lib/Apache2/AuthCookie.pm b/lib/Apache2/AuthCookie.pm index d9995fb..f014316 100644 --- a/lib/Apache2/AuthCookie.pm +++ b/lib/Apache2/AuthCookie.pm @@ -18,7 +18,50 @@ use Apache2::Response; use Apache2::Util; use Apache::AuthCookie::Autobox; use APR::Table; -use Apache2::Const qw(:common M_GET HTTP_FORBIDDEN HTTP_MOVED_TEMPORARILY HTTP_OK); +use Apache2::Const qw(:common + M_GET + HTTP_FORBIDDEN + HTTP_MOVED_TEMPORARILY + HTTP_OK + AUTHZ_GRANTED + AUTHZ_DENIED + AUTHZ_DENIED_NO_USER); + +sub authn_handler { + my ($self, $r) = @_; + + $r->server->log_error("AUTHN HANDLER ***********"); +} + +sub authz_handler { + my ($auth_type, $r, @requires) = @_; + + return AUTHZ_DENIED unless @requires; + + my $debug = $r->dir_config("AuthCookieDebug") || 0; + + my $user = $r->user; + + $r->server->log_error("authz user=$user type=$auth_type req=@requires") if $debug >=3; + + if ($user->is_blank) { + # user not yet authenticated + $r->server->log_error("No user authenticated", $r->uri); + return AUTHZ_DENIED_NO_USER; + } + + foreach my $req (@requires) { + $r->server->log_error("requirement := $req") if $debug >= 2; + + if (lc $req eq 'valid-user') { + return AUTHZ_GRANTED; + } + + return $req eq $user ? AUTHZ_GRANTED : AUTHZ_DENIED; + } + + return AUTHZ_DENIED; +} sub recognize_user { my ($self, $r) = @_; @@ -347,100 +390,6 @@ sub login_form_status { } } -sub satisfy_is_valid { - my ($auth_type, $r, $satisfy) = @_; - - $satisfy = lc $satisfy; - - if ($satisfy eq 'any' or $satisfy eq 'all') { - return 1; - } - else { - my $auth_name = $r->auth_name; - $r->server->log_error("PerlSetVar ${auth_name}Satisfy $satisfy invalid",$r->uri); - return 0; - } -} - -sub get_satisfy { - my ($auth_type, $r) = @_; - - my $auth_name = $r->auth_name; - - return lc $r->dir_config("${auth_name}Satisfy") || 'all'; -} - -sub authorize { - my ($auth_type, $r) = @_; - - my $debug = $r->dir_config("AuthCookieDebug") || 0; - - $r->server->log_error('authorize() for '.$r->uri()) if $debug >= 3; - - return OK unless $r->is_initial_req; #only the first internal request - - if ($r->auth_type ne $auth_type) { - $r->server->log_error("auth type mismatch $auth_type != ".$r->auth_type) - if $debug >= 3; - return DECLINED; - } - - my $reqs_arr = $r->requires or return DECLINED; - - my $user = $r->user; - - $r->server->log_error("authorize user=$user type=$auth_type") if $debug >=3; - - if ($user->is_blank) { - # the authentication failed - $r->server->log_error("No user authenticated", $r->uri); - return HTTP_FORBIDDEN; - } - - my $satisfy = $auth_type->get_satisfy($r); - return SERVER_ERROR unless $auth_type->satisfy_is_valid($r,$satisfy); - my $satisfy_all = $satisfy eq 'all'; - - my ($forbidden); - foreach my $req (@$reqs_arr) { - my ($requirement, $args) = split /\s+/, $req->{requirement}, 2; - $args = '' unless defined $args; - $r->server->log_error("requirement := $requirement, $args") if $debug >= 2; - - if (lc($requirement) eq 'valid-user') { - if ($satisfy_all) { - next; - } - else { - return OK; - } - } - - if ($requirement eq 'user') { - if ($args =~ m/\b$user\b/) { - next if $satisfy_all; - return OK; # satisfy any - } - - $forbidden = 1; - next; - } - - # Call a custom method - my $ret_val = $auth_type->$requirement($r, $args); - $r->server->log_error("$auth_type->$requirement returned $ret_val") if $debug >= 3; - if ($ret_val == OK) { - next if $satisfy_all; - return OK; # satisfy any - } - - # Nothing succeeded, deny access to this user. - $forbidden = 1; - } - - return $forbidden ? HTTP_FORBIDDEN : OK; -} - sub send_cookie { my ($self, $r, $ses_key, $cookie_args) = @_; diff --git a/t/conf/extra.conf.in b/t/conf/extra.conf.in index b4c5c3e..133cb5d 100644 --- a/t/conf/extra.conf.in +++ b/t/conf/extra.conf.in @@ -8,6 +8,10 @@ PerlRequire @ServerRoot@/startup.pl PerlSwitches -I@ServerRoot@/lib PerlModule Sample::Apache2::AuthCookieHandler PerlModule ModPerl::Registry + + + PerlAddAuthzProvider user Sample::Apache2::AuthCookieHandler->authz_handler + PerlSetVar WhatEverPath / @@ -19,6 +23,12 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AllowOverride All + + + AuthzSendForbiddenOnFailure On + + + # These documents require user to be logged in. AuthName WhatEver @@ -30,9 +40,11 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler PerlAuthenHandler Sample::Apache2::AuthCookieHandler->authenticate - PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + + PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + - require user programmer + Require user programmer # must satisfy any requirement @@ -47,7 +59,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler PerlAuthenHandler Sample::Apache2::AuthCookieHandler->authenticate - PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + + PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + Require user some-user Require user programmer @@ -66,10 +80,20 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler PerlAuthenHandler Sample::Apache2::AuthCookieHandler->authenticate - PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + + PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + + + + + Require user some-user + Require user programmer + + + + Require user some-user + Require user programmer - Require user some-user - Require user programmer @@ -83,7 +107,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler PerlAuthenHandler Sample::Apache2::AuthCookieHandler->authenticate - PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + + PerlAuthzHandler Sample::Apache2::AuthCookieHandler->authorize + Require user some-user Require user programmer @@ -98,6 +124,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler + + Require all granted + PerlFixupHandler Sample::Apache2::AuthCookieHandler->recognize_user @@ -114,6 +143,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver PerlResponseHandler ModPerl::Registry AuthType Sample::Apache2::AuthCookieHandler + + Require all granted + PerlFixupHandler Sample::Apache2::AuthCookieHandler->recognize_user @@ -128,6 +160,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler + + Require all granted + PerlResponseHandler Sample::Apache2::AuthCookieHandler->login @@ -143,6 +178,9 @@ PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver AuthType Sample::Apache2::AuthCookieHandler + + Require all granted + PerlResponseHandler Sample::Apache2::AuthCookieHandler->login debian/patches/series0000644000000000000000000000006012255563074012037 0ustar fix-faq-manpage.patch authcookie-httpd-24.patch debian/patches/fix-faq-manpage.patch0000644000000000000000000000104512255563074014610 0ustar Description: Fixes first NAME field in FAQ.pod adding "\-" and description. Origin: vendor Bug: https://rt.cpan.org/Ticket/Display.html?id=91579 Forwarded: https://rt.cpan.org/Ticket/Display.html?id=91579 Author: Keith Lawson Reviewed-by: gregor herrmann Last-Update: 2013-12-22 --- a/lib/Apache/AuthCookie/FAQ.pod +++ b/lib/Apache/AuthCookie/FAQ.pod @@ -9,7 +9,7 @@ =head1 NAME -Apache::AuthCookie::FAQ +Apache::AuthCookie::FAQ - Frequently Asked Questions about Apache::AuthCookie. =head1 VERSION debian/copyright0000644000000000000000000000212112255563074011126 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Apache-AuthCookie Source: https://metacpan.org/release/Apache-AuthCookie/ Upstream-Contact: Michael Schout Files: * Copyright: 2000, Ken Williams License: Artistic or GPL-1+ Files: debian/* Copyright: 2011, Keith Lawson 2013, Xavier Guimard License: Artistic or GPL-1+ License: Artistic This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License, which comes with Perl. . On Debian systems, the complete text of the Artistic License can be found in `/usr/share/common-licenses/Artistic'. License: GPL-1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. debian/apache2.conf0000644000000000000000000000056212255563074011354 0ustar LoadModule mpm_worker_module "/usr/lib/apache2/modules/mod_mpm_worker.so" LoadModule authn_core_module "/usr/lib/apache2/modules/mod_authn_core.so" LoadModule authz_core_module "/usr/lib/apache2/modules/mod_authz_core.so" LoadModule authz_user_module "/usr/lib/apache2/modules/mod_authz_user.so" LoadModule auth_basic_module "/usr/lib/apache2/modules/mod_auth_basic.so" debian/libapache2-authcookie-perl.docs0000644000000000000000000000004212255563074015130 0ustar README.modperl2 README.apache-2.4 debian/watch0000644000000000000000000000020012255563074010220 0ustar version=3 https://metacpan.org/release/Apache-AuthCookie/ .*/Apache-AuthCookie-v?(\d[\d.-]+)\.(?:tar(?:\.gz|\.bz2)?|tgz|zip)$